Currently my FREBSD box has a single user account that I use to telnet into an then su to root to do administrative tasks.

I'm hosting a lot of websites and am now looking into giving ftp access for users to their directory. What I have it this

/usr/local/www

from here are each domain I host, so each users directory is in this www directory.

Every directory in the www directory has 755 permissions. I have created a test account and set the user's home directory to

/usr/local/www/whatever.com/newuser

/usr/local/www/whatever.com/ has 755 permissions and is owned by newuser and group newuser

The rest of the directories in www are owned by my original login account so one directory would look like this

drwxr-xr-x 11 mark mark 1024 Aug 19 17:09 residenceperfection.com

I FTP'd in under the new user and it brought me to /usr/local/www/whatever.com/newuser like I wanted, but I was able to change directories to /usr/local/www/ and even able to goto /usr/local/www/residenceperfection.com under the new user and download files. Now access is denied for uploading into these directories, but you can see the issue. A user could potentially download another client's website, or even worse config files for logging into their admin page with username's/passwords etc.

What I want to do is allow the user access to only their directory

(ie) /usr/local/www/whatever.com/newuser

and not be able to cd to /usr/local/www or at least not be able to access /usr/local/www/someoneelseessite.com

Is it just a permissions thing?? What should they be for /usr/local/www and /usr/local/www/sitename.com? (provided sitename.com is owned and in a diffrent group) Can I set the permissions low enough to where another user can't see it, but it doesn't effect if a web user can access the page?

Thanks!!

Petey

drwxr-xr-x 11 mark mark 1024 Aug 19 17:09 residenceperfection.com
This line indiates that every user in the system has read permisions but they dont have write pemissions.
Thats why they can download files but cant upload files ( to upload files into a directory one needs write perms for that directory)

I think the possible solution is to change the permisions of all directories to 700

700 gives an Permission Denied on the web page, but setting the permissions to 711 or drwx--x--x gives access to the webpage, but denies access for other logins..

Thanks Sandy

Petey

Here's what I do with my server, I setup ftp account for other users but I only allow them access to their home directory. In their home I create a www folder, and then a folder for each domain name they use. For instance user 1 has two domains I host for him. I allow him chrooted ftp access to his home dir. so you have globally

so on and so forth, from there you'll just need to configure apache for virtual domains and set the document root for each domain to be

without the slash.

if your allowing space off a main domain or doing sub-domains you could include external directories from the document root and point to the users home in apache or you could do this a symbolic link where

Hope this helps.

People have failed to ask which ftp service is being used

proFTPd or wu-ftpd

I would choose proFTPd it has an easier configuration.
f you are using proftp, try adding the line below in your /etc/proftpd.conf file:

DefaultRoot ~

That should set the users home directory to be the root of the file system for them to use. Also, they can only access other areas if the permissions are set to allow the request for the world. Or a group if they are assigned to the group. When you create the user/group set the home directory to there domain.


Also hopefully you just didnt uncomment out the port.

Here is a good site that has good refference

Guide The page is well done I used it as a refernce for Samba and my proFTpd. works very well and easy to understand